
(The only "perfect" security is locking your content in a box!)
We do not believe the marketplace will benefit from a simple beauty contest between digital watermarking technologies. Nor do we believe the issue of competing security systems is similar to the mostly options-oriented war of standards best represented by VHS vs. Betamax. Moreover, because this is a new, exciting field, much hype and misinformation are being distributed. With this in mind, we will differentiate between systems by defining terms in a consistent manner. In this vein, two existing commercial products are described vis-a-vis Giovanni.
Of special note, "embedding secure information into a signal is not the same as securely embedding information into a signal"! Giovanni is designed with strict, provable cryptographic protocols to ensure the highest confidence in a wide variety of implementations.
Historical note: Ironically, though our founder pioneered this field, initial use of the term "digital watermark" was vigorously criticized by many of the same companies now offering competing systems under the guise of "digital watermark systems." We have defined the term "digital watermark" on numerous occasions as differing from traditional watermarks in that the watermark message can also have independent intrinsic value aside from the value of the content it is used to protect. Unless patented Giovanni keys are used, however, the watermark message may be easily compromised and may not meet an evidentiary standard if intended for use in a court case.
Digimarc's PictureMarc is an Adobe Photoshop plug-in for still image "watermarks." It uses a fixed key to provide a "public watermark" which requires interpretation via a central management site, known to users as MarcCentre. A number of patents have been issued to Digimarc on this technology including the following two (US Patent#5,636,292, US Patent#5,710,834). Check out the patents if you are interested in the minutiae of Digimarc's product. The first patent is fairly distinct in its claims on signal embedding, but is completely mutually exclusive to the Giovanni digital watermarking system and the use of keys to encode watermarks. Some of the disclosure indicates an interest in standardization of the watermark embedding process, whereas we feel users will be more able to determine security needs by comparing systems and architecture.
In essence, a differencing of pixels' luminescence is digitally signed, using a discrete cosine transform (DCT). The block encoding method which is used in Digimarc's scheme is susceptible to overencoding by using the Digimarc process a second time on the same image. Additional patents have been granted to Digimarc, which can be seen on their site, but the underlying weakness remains. There is an interesting article in the internet publication of The New York Times, called CyberTimes, in the November 11, 1997 issue written by Marty Katz. The article is available to subscribers but is highly recommended to potential users of watermarking technology.
Similarly, Signum Technologies Ltd's (formerly HighWater Signum) SureSign product uses a dongle that attaches to the user's computer and acts as the single key which uniquely identifies still images, as the user's, each time an image is "fingerprinted." Information about the dongle resides in Signum's central database for later comparison. Signum has filed for three patents. In effect, this is a variation on key escrow. Instead of escrowing the key, which is now made public, the watermark information has been escrowed. So in effect, you give up the security of secret keys and still take on the escrow model. Like Digimarc, their approach is a block encoding method (encoding by blocks of pixels). They have introduced a "key-based" system using 4 numbers (similar to a PIN for an ATM card); the problem is that this means there are only 10 x 10 x 10 x 10 (or 10,000) possible combinations and plenty of time to check them. There are no special one-way functions, such as hashes, to prevent duplication of the key. For more on this attack, please see Fabien Petitcolas' site. Giovanni key creation is patented and takes into consideration such weaknesses.
NEC and former Signafy's work.
Digimarc and Signum work in the "spatial domain" primarily, using blocks of pixels to encode the watermark message. The NEC application still requires that watermarked images be compared to an original unwatermarked master, for purposes of decoding the embedded information. The technology is rooted in the well-known NEC research by Cox et al. and is also susceptible to overencoding using the same encoding method a second time on the same image. Additional security problem: an unwatermarked original may be on a server and may be subject to server attacks. The product was originally designed as a 48 MB server product, although they have introduced a product more suitable to individual use. The patent relating to NEC's technology is "Spread spectrum watermark for embedded signalling."
Digimarc and Signum currently offer no support for watermarking data with a time dynamic, such as digital audio or video. Digimarc has partnered with Macrovision, a company heavily involved in securing analog VHS tapes, and Philips to offer a video watermarking solution; details of their proposal have been disclosed at the CPTWG (Copyright Protection Technical Working Group). NEC's technology has been partnered with IBM in the same forum, including members of the Galaxy Group. The progress of this ad hoc Group of companies is unclear, but there have been lengthy discussions regarding DVD video copyright protection over the course of the past three years.
Please see their respective sites for more details.
Further discourse on weaknesses of current still image implementations is at Deja News in some of the Newsgroup articles posted in 1997. A means for switching the watermark identity on a centralized server is disclosed. Another means of testing the watermark security, as previously discussed, is available from researchers at Cambridge. The application is called StirMark.
Again, Giovanni keys could be escrowed or maintained on separate databases at the request of the copyright owner; but it is ultimately not required. This is the inherent flexibility of the Giovanni watermark technology.
Though not entirely separate, characteristics which may coincide in a watermark implementation: "spread-spectrum", or "frequency hopping", involves storing information in a pseudo-randomly selected set of sub-bands distinct from a larger set of signalling bands, commonly referred to as the frequency range, where the embedded signal changes pseudo-randomly over time within the limited and defined signalling band. So, this approach may be characterized as frame-based in these terms, in the sense that a frame is transferred to frequency domain, and then "spread-spectrumed". The spread-spectrum subbands are periodic over time/space, failing to utilize more of the available space to embed a watermark message.
The problem with spread-spectrum, as is being proposed for protection of copyrights, is that the limited number of signalling bands or signal band is too well-defined. This is not a problem for time or location-based security such as military communications (or now cellular phones), for which spread-spectrum was originally designed. Reason: pirates have a lot of time to focus their efforts on fixed image, audio or video files in attempting to erase embedded signals. Second reason: many commonly used transforms performed in studios, such as radio stations, including frequency notches, all band pass filters, and EQ, to boost the loudness of the broadcast signal, may inadvertently erase a watermark. JPEG is a very standard test for determining if a still image watermark is "secure", as JPEGs are widely used in web sites. Additionally, time-based compression and expansion are clearly methods for successful attacks on frequency-based approaches, as the subbands are not effectively "separated" from the spatial or time domains.
Thorn's Central Research Laboratory's (CRL) ICE, and similar implementations of spread spectrum-like technology, rely on the same encoding band for all instances, which allows hardware to be built easily, but guts the security of the system. Additionally, when relying on frequency masking to boost the encoding level, as proposed by BBN (US Patent#5,319,735), this same masking acts as a weakness which can be exploited in randomization attacks. It so happens that all the spread-spectrum approaches currently being disclosed to protect audio and other multimedia signals also require "difference" information from original masters to extract useful information or fairly rough estimates of a referenced region of the carrier subband, and this, despite the fact they may be technically frame-based, creates alignment issues when there is clipping of the signal, for instance, 20 seconds of a 3 minute song. Moreover, the encoding of watermark information, on-the-fly, may make the unwatermarked original signal subject to network attacks. More technical information is provided in the Research area. Solana Technology and Arbitron are also related to these approaches in that a subband is used to create a composite or embedded signal.
Frame-based systems, as Giovanni is more generally described, have a distinct advantage over signature-like systems. A signature-like system (i.e. Digimarc, Signum or NEC) inserts a limited amount of information, typically a serial number, into a large chunk of samples as a whole (like a digital image or a complete recording). Although Digimarc and Signum encode in the spatial domain, NEC is frequency-based. These implementations work in respective domains so they are susceptible to manipulations affecting the domain not utilized in encoding. NEC analyzes the frequency components over the whole signal, making the spectral transform analysis more accurately reflect the true signal - if short chunks are used, it is a coarser approximation - meaning fine noise components cannot be resolved. Some techniques, like Digimarc, isolate and then sign the noise component, which can be moved around, but never removed. Nevertheless, the proposed systems have common elements depending on applicability to still pictures or audio and video, which have time domains: there is typically a need for a complete suspect copy for "irrefutable proof," a limited capacity for info storage, and, generally, master comparison to extract watermark information.
The Achilles' heel of some of these implementations may actually be in the transform chosen to perform the watermarking function and, in effect, its inverse relationship to the decoding function. This means that access to freely available detection or decoder "plug-ins" gives a pirate all he needs to reverse the decode process and determine how best to destroy the encoded signal, or at least obstruct it. The linear methods used for encoding/decoding are enough to establish a parallel relationship between what and how the embedded information was inserted. These processes are overwhelmingly insecure and linear. What is encoded is easily erased with any cursory knowledge of the decoder, typically available to anyone on the Internet. These implementations do not hop between bands over short periods of time, but rather manipulate and check energy frequency distributions over large areas of the signal.
A number of systems related to rights protection, for which we have had varying degrees of access to actual working implementations, research and documentation, are listed here:
Historical note: The inventors of "frequency hopping" or "spread spectrum" were a Hollywood actress, and beauty of that era, Hedy Lamarr, and composer George Antheil. They received a patent for wireless broadcast technology, believed to be the foundation of spread spectrum, in 1942. While spread spectrum is the basis of security in many communications systems, even cellular phones, among other uses, we do not believe that it is the best technology to deploy, alone, when seeking to protect fixed media files.
Work in the area of "buried data technique" by the late Michael Gerzon and Peter Craven is documented in the audio industry and mentioned in our initial, independent sonic effects test. Gerzon and Craven's randomized insertion of data in the audio signal is similar to single key implementations in other proposals, not the key-implemented random insertion of data done with Giovanni. A weakness in the security of Gerzon and Craven's technique is that information is hidden in least significant bits (LSBs), where it is easily removed without degrading sonic quality by "flipping" these LSBs. Similar approaches that encode in dither suffer from similar security weaknesses, through redithering of the output.
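The LSB weakness described above can be measured with a small robustness check. The following is an added example, not code from this page or from any vendor named on it: the keyed LSB scheme, the 440 Hz host tone, the key and all function names are constructed for illustration and are not Gerzon and Craven's method.

```python
import hashlib
import math
import random

def keyed_positions(key, n_samples, n_bits):
    # Constructed scheme: the key seeds a PRNG that picks which samples carry bits.
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return random.Random(seed).sample(range(n_samples), n_bits)

def embed_lsb(samples, bits, key):
    out = list(samples)
    for pos, bit in zip(keyed_positions(key, len(samples), len(bits)), bits):
        out[pos] = (out[pos] & ~1) | bit   # overwrite only the least significant bit
    return out

def extract_lsb(samples, n_bits, key):
    return [samples[p] & 1 for p in keyed_positions(key, len(samples), n_bits)]

def randomize_lsbs(samples, rng):
    # Stand-in for redithering / LSB flipping: every LSB becomes a fresh random bit.
    return [(s & ~1) | rng.getrandbits(1) for s in samples]

def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)

def snr_db(reference, processed):
    signal = sum(r * r for r in reference)
    noise = sum((r - p) ** 2 for r, p in zip(reference, processed))
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)

def robustness_report(n_samples=44100, n_bits=1024):
    rng = random.Random(1)  # fixed seed so the report is reproducible
    # Constructed host signal: one second of a 440 Hz tone as 16-bit PCM values.
    host = [int(12000 * math.sin(2 * math.pi * 440 * t / 44100))
            for t in range(n_samples)]
    message = [rng.getrandbits(1) for _ in range(n_bits)]
    key = b"constructed-demo-key"
    marked = embed_lsb(host, message, key)
    processed = randomize_lsbs(marked, rng)
    return {
        "ber_clean": bit_error_rate(message, extract_lsb(marked, n_bits, key)),
        "ber_processed": bit_error_rate(message, extract_lsb(processed, n_bits, key)),
        "snr_processed_db": snr_db(marked, processed),
    }

if __name__ == "__main__":
    for name, value in robustness_report().items():
        print(f"{name}: {value:.3f}")
```

A bit error rate near 0.5 after processing means the extractor does no better than guessing, even with the correct key, while the signal-to-noise ratio shows how little the host signal changed. Keying the positions does not help here because the processing touches every LSB.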
Randomness is the only friend of those seeking to securely watermark!
Some important definitions to keep in mind when comparing different systems are:
A paper submitted by the founder at the 1997 RSA Data Security Conference may also be of interest. It is titled "Communications Theory and the Argent Digital Watermark System".
Feel free to search out related intellectual property on the IBM Patent Server, using such terms as "digital watermark", "steganography" and "copyright protection".
Related intellectual property can be accessed for the following companies. These companies are focused primarily on audio digital watermarking; the systems are primarily subband encoding approaches that have similarities to the BBN approach discussed above. None of these systems uses ciphers to generate a "cryptographic key" and instead are using the term "key" which more correctly represents a random seed, or the randomness associated with how an embedded signal hops between a number of carrier signal subbands. Because of the lack of a special one-way function, such as a secure one-way hash function, they are susceptible to overencoding even by the same system originally used in the encoding process. Simply, ownership becomes difficult to establish.
Some possible attacks are also noted for information and testing purposes only.
Solana Technology: US Patent#5,822,360, US Patent#5,719,937, US Patent#5,687,191
Change the least significant bits to confuse the PN sequence that has been created.
Time stretch or compression.
Aris Technologies: US Patent#5,828,325, US Patent#5,774,452
Change the peak value of the watermark signal.
Redither the output.
Add noise at a -30 dB noise floor.
Time stretch or compression.
Arbitron: a number of patents covering broadcast monitoring and related embedded signalling including: US Patent#5,612,729, US Patent#5,581,800, US Patent#5,579,124, US Patent#5,436,653
Additionally, the following patents are related but have fundamental differences in implementations: Los Alamos Labs US Patent#5,659,726 and US Patent#5,646,997
In simplistic terms, these systems, currently directed at audio, provide registered players which are able to connect with a server that proceeds to distribute content to the player. Typically, the content can only be played on a registered player to increase confidence in limiting copyright abuse and piracy. Visiting these sites is best done by users to determine the exact intentions of these companies.
Weaknesses and software hacks have been disclosed by various parties including "A2B2WAV". The fundamental weakness of proprietary players: once content is transferred into an "unsecure" format, the security is gone! What is more, nothing can be done to prevent such file format conversions. It would be akin to limiting the ability of folks to make compilations of CD tracks on cassette. Issues concerning fair use have arisen in various recent and not so recent court cases; please see our white paper "Convergence" for more detailed discussion.
We suggest that in addition to source tagging content with a secure Giovanni digital watermark, Scrambling can also be done to ensure that the distributed copy of the audio signal is associated with a single key. It is only this key which will unscramble the content and allow for unfettered listening or viewing. The intellectual property is basically unchanged. Digital watermarking is based on mapping data to a signal; Scrambling is based on "transfer functions."
The ability to hack an unauthorized player is an area for industry investigation and testing, especially with the rise of unauthorized MP3 versions of copyrighted songs. Care must also be taken in choosing security that is worthy of trust and confidence.
FYI: AT&T's a2b system has not yet (late 1999) adopted a digital watermarking scheme as part of its architecture. We believe their model may be tweaked and may cause endless numbers of copies of content to be distributed if a player is hacked successfully and the number of copies is changed (say 5 to 5000). The basis for a2b's architecture is built on the premise that copyright owners want other parties to distribute and exercise control over their content. Although this concept, known as "superdistribution," has been controversial, we do not believe that the premise of less control over digital copies is philosophically correct. We leave the debate to others, namely the content owners themselves.
Cerberus abandoned its proprietary file format in favor of formats offered by Fraunhofer (developers with Thomson of the infamous MPEG 1 Layer 3, MP3 for short, algorithm). Liquid Audio licensed Dolby technology for its format and has now disclosed that they will support MP3 as well. Music.co.jp has a number of alternatives including a CODEC developed by NTT, the Japanese telecommunications giant, called TwinVQ ("vector quantization").
The most misunderstood, currently under-researched, potential weakness is the ability of persons to perform comparisons between a proprietary file format and its CD version of the copy (in computer terms, the corresponding AIFF, WAV, or SDII file). The ability to determine the file format of the proprietary player has the implication of enabling third parties to create a derivative, unauthorized player which will be able to play any content that was distributed by the company supporting the proprietary format, in an unauthorized manner.
Similarly, attacks on digital watermark schemes, essentially "differencing" a signal that has been watermarked without cryptographically secure "keys", allow pirates to strip out simple copy control schemes without any price paid in terms of negatively altering the quality of the underlying signal. When a "copy once" pre-recorded signal is compared to the recorded version on recordable media, which now has watermark data that indicates "copy never", the bits that comprise the watermark, and any security it "offers", are easily defeated.
MP3 and its "authentication" is one of many possible scenarios that are likely to be played out over the long run. Music copyright security will likely be chosen in much the same way credit card security was chosen. Trusted, provably secure implementations of key-based cryptography, under the subheading of "secure digital watermarking."
Historical note: Recent discussion of 3rd party authentication as a means to assist in stemming the tide of pirated MP3 works is not a new concept but something we originally invented. We have sought to educate innumerable parties on the subject in the best possible manner. The currency of free "open source" that can authenticate MP3 files is simply a false start. There is no such thing as a "free lunch." Giovanni, the underlying intellectual property, this web site as a whole, has been around for such approaches to security for a very long time. Buyer beware. Lots of folks, in the know, have provided invaluable feedback and support for our technology. We urge folks to investigate the security they choose. We also stress that security is a difficult concept; the many related issues that will undoubtedly unfold in 1999 are quite vast and exciting, and we welcome the challenge.
We encourage discourse on this important security issue.